Question No: 121 – (Topic 2)

For which router configuration is the attack-drop.sdf file recommended?

A. Routers with less than 128 MB of memory.

B. Routers with less than 64 MB of memory.

C. Routers with at least 128 MB of memory.

D. Routers with at least 192 MB of memory.

E. Routers with at least 256 MB of memory.

Answer: A

Explanation:

An SDF has definitions for each signature it contains. After signatures are loaded and compiled onto a router running Cisco IOS IPS, IPS can begin detecting the new signatures immediately. If the default, built-in signatures that are shipped with the routers are not used, then one of three different types of SDFs can be selected for download; each is pre-configured for routers with a given amount of memory:

->attack-drop.sdf file (which is a static file that has 83 signatures) is used for routers with less than 128MB memory.

->128MB.sdf (which has about 300 signatures) is used for routers with 128 MB or more memory.

->256MB.sdf (which has about 500 signatures) is used for routers with 256 MB or more memory.

Question No: 122 – (Topic 2)

What is an RFC 2827 recommendation for protecting your network against DoS attacks with IP address spoofing?

A. Advertise only assigned global IP addresses to the internet

B. Use ingress traffic filtering to limit traffic from a downstream network to known advertised prefixes.

C. Use the TLS protocol to secure the network against eavesdropping

D. Browser-based applications should be filtered on the source to protect your network from known advertised prefix

Answer: B

Question No: 123 DRAG DROP – (Topic 2)

Drag and drop the description on the left onto the associated items on the right.

Answer:

Explanation:

Collection of similar programs that work together to execute specific tasks – botnet

Independent malicious program copies itself from one host to another host over a network and carries other programs – Viruses

Programs that appear to have one function but actually perform a different function – Trojan horse

Programs that modify other programs and that attach themselves to other programs on execution – Worms

Question No: 124 – (Topic 2)

Which two statements about the IPv6 OSPFv3 Authentication Trailer are true? (Choose two.)

A. The AT-bit resides in the OSPFv3 Header field

B. The IPv6 Payload length includes the length of the Authentication Trailer

C. It provides an alternative option to OSPFv3 IPsec authentication

D. The AT-bit must be set only in OSPFv3 Hello packets that include an Authentication Trailer

E. The AT-bit must be set only in OSPFv3 Database Description packets that include an Authentication Trailer

F. The OSPFv3 packet length includes the length of the Authentication Trailer

Answer: D,E

Question No: 125 – (Topic 2)

Which two statements about Cisco MQC are true? (Choose two)

A. It can classify Layer 2 packets from legacy protocols

B. By default, it uses match-any matching

C. A packet can match only one traffic class within an individual traffic policy

D. It allows you to link multiple traffic policies to a single traffic class.

E. Unclassified traffic is queued in a FIFO queue to be managed by the match not command configuration

F. It can handle Layer 2 packets from legacy protocols without classifying them.

Answer: E,F

Question No: 126 – (Topic 2)

Which two ESMTP commands are supported by the ASA inspection engine? (Choose two.)

A. SOML

B. LINK

C. VERB

D. ONEX

E. ETRN

F. ATRN

Answer: A,E

Explanation:

ESMTP is an enhancement to the SMTP protocol and is similar in most respects to SMTP. For convenience, the term SMTP is used in this document to refer to both SMTP and ESMTP. The application inspection process for extended SMTP is similar to SMTP application inspection and includes support for SMTP sessions. Most commands used in an extended SMTP session are the same as those used in an SMTP session, but an ESMTP session is considerably faster and offers more options related to reliability and security, such as delivery status notification.

Question No: 127 – (Topic 2)

Which MAC address control command enables usage monitoring for a CAM table on a switch?

A. mac-address-table synchronize

B. mac-address-table limit

C. mac-address-table secure

D. mac-address-table notification threshold

E. mac-address-table learning

Answer: D

Explanation:

mac-address-table notification threshold

To enable content-addressable memory (CAM) table usage monitoring notification, use the mac-address-table notification threshold command in global configuration mode. To disable CAM table usage monitoring notification, use the no form of this command.

Question No: 128 – (Topic 2)

Which two statements about Flexible Packet Matching are true? (Choose two)

A. It is supported by CSM management applications

B. It can classify traffic at the bit level

C. It can detect and filter malicious traffic

D. It provides stateful classification for Layer 2 to Layer 7 traffic

E. It can inspect non-IP protocols

Answer: B,C

Question No: 129 – (Topic 2)

Which statement about ACS rule-based policies is true?

A. The permissions for rule-based policies are defined in the authentication profile.

B. Permissions for rule-based policies are associated with a user group.

C. Rule-based policies can apply different permissions to the same user under different conditions

D. TACACS is one of the attributes included in the authorization profile

Answer: B

Question No: 130 – (Topic 2)

Which three items does TLS rely on to prove identity? (Choose three.)

A. certificates

B. password

C. username

D. Trustpoint

E. private keys

F. public keys

Answer: A,E,F

Explanation:

The Secure Socket Layer (SSL) protocol and Transport Layer Security (TLS) are application-level protocols that provide for secure communication between a client and server by allowing mutual authentication, the use of hash for integrity, and encryption for privacy. SSL and TLS rely on certificates, public keys, and private keys.